The title of this submission is editorialized and misleading. @dang, please change to the original title "Three Lessons from Threema -- Analysis of a Secure Messenger".
I would argue that it is not misleading -- the website domain is, after all, "breakingthe3ma.app".
The title of the paper presents a more academic angle, and is intended to highlight what the "learned lessons" are, but let's not forget that Threema was vulnerable to our attacks for 10+ years.
The title of the paper presents a more academic angle, and is intended to highlight what the "learned lessons" are, but let's not forget that Threema was vulnerable to our attacks for 10+ years.